ee0a194b25
Several more SSO/OIDC related fixes, and bump version to 1.8.9.
2022-04-19 21:29:11 -04:00
ef08346a74
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node.
2022-04-19 19:59:54 -04:00
fe0068da52
A bit more auth cleanup in the local node.
2022-04-19 16:34:46 -04:00
cd70fefc5e
Clean up some credential push stuff.
2022-04-19 16:06:53 -04:00
877f86a896
build fix
2022-04-19 12:44:18 -04:00
912036b260
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups.
2022-04-19 12:41:38 -04:00
134d33c218
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.
2021-09-20 15:40:55 -07:00
06730c7d1d
BSL date bump
2020-08-20 12:51:39 -07:00
633cf9ec04
Warning removal
2019-08-23 21:28:26 -07:00
e8ae333443
Version bumps, license fixed, and GitHub issue #990 take two
2019-08-23 10:15:13 -07:00
52a166a71f
Relicense: GPLv3 -> ZeroTier BSL 1.1
2019-08-23 09:23:39 -07:00
639fc60257
GitHub issue #990
2019-08-04 15:08:33 -07:00
75ebe5172f
Fix for sharing of capabilities in 1.4 (problem introduced when push frequency was reduced)
2019-08-02 20:43:02 -07:00
a019c3dd5d
Tighten up credential push just a bit for faster up-time with older nodes, should not have significant impact on bandwidth. Also some cleanup and push direct path timing fixes.
2019-06-25 13:42:20 -07:00
39e1021f62
Replace certificate based gating of multicast like/gather with a simpler more efficient method, fix some minor issues with request based com/cert push, and clean up some other random stuff.
2019-03-21 16:18:49 -07:00
63ec19674c
.
2019-03-19 16:43:43 -07:00
0e597191b8
Updated licenses for 2019
2019-01-14 10:25:53 -08:00
b3c2c0866f
Times should be int64_t, not uint64_t
2018-11-11 17:38:17 -08:00
65c07afe05
Copyright updates for 2018.
2018-01-08 14:33:28 -08:00
099bedd2e9
A few more uint64_t -> int64_t changes for timestamps
2017-10-04 12:01:17 -07:00
b1d60df44c
timestamps changed from uint64_t to int64_t
...
There were cases in the code where time calculations and comparisons were overflowing and causing connection instability. This will keep time calculations within expected ranges.
2017-10-02 15:52:57 -07:00
495c5ce81d
Bunch of remote tracing work.
2017-07-13 10:51:05 -07:00
1b68d6dbdc
License header update.
2017-04-27 20:47:25 -07:00
5ad120208f
Small fix, should filter by temporal validity.
2017-04-04 08:46:12 -07:00
eddbc7e757
Logic simplification, cleanup, and memory use improvements in Membership. Also fix an issue that may cause network instability in some cases.
2017-04-04 08:07:38 -07:00
8a62ba07e5
Membership cleanup work in progress.
2017-04-04 06:47:01 -07:00
e4896b257f
Add thread PTR that gets passed through the entire ZT core call stack and then passed to handler functions resulting from a call.
2017-03-27 17:03:17 -07:00
5e6a4e5f5e
Send revocations automatically on deauth for instant kill, also fix some issues with the RP.
2017-03-06 15:12:28 -08:00
72653e54f9
Finish wiring up ipauth and macauth to Network filter.
2017-02-23 12:34:17 -08:00
10185e92fa
Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6.
2017-02-23 11:47:36 -08:00
78d548458b
Capabilities basically work but need to refactor a bit for performance reasons.
2017-02-06 16:38:48 -08:00
eac3667ec1
Bunch more refactoring and work on revocations, etc.
2016-09-26 16:17:02 -07:00
1f74dd4589
Revocation work in progress, add WATCH which is TEE with implicit rate sync (thanks JG@DCVC!), and clean up some cruft in Network.
2016-09-23 16:08:38 -07:00
d3524f3609
Refactor COM stuff a bit, and respond to COM requests a bit more readily for rapid setup. Will need to revisit later.
2016-09-20 21:21:34 -07:00
0d4109a9f1
More refactoring to clean up code, and add a gate function to make sure we do not handle OK packets we did not expect. This hardens up a few potential edge cases around security, since such messages might be used to e.g. pollute a cache and DOS under certain conditions.
2016-09-09 08:43:58 -07:00
16df2c3363
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
2016-09-08 19:48:05 -07:00
daf8a66ced
More correct and efficient to initialize member relationship push stuff lazily when member is learned.
2016-09-07 15:47:20 -07:00
1908aa55f5
Refactor MULTICAST_LIKE pushing to eliminate redundant and unnecessary pushes and simplify code.
2016-09-07 15:15:52 -07:00
1c08f5e857
Tweak some expire times.
2016-09-07 12:25:19 -07:00
c9ee8612e4
Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.
2016-09-07 12:12:52 -07:00
25056de5d3
Also need to send credentials when TEEing and REDIRECTing.
2016-08-31 17:56:59 -07:00
a3c7627acf
Push more than one packet for credentials if we happen to have a whole lot. Should not happen often but might if a member has tons of tags.
2016-08-26 14:43:16 -07:00
d637988ccf
Fix chicken or egg problem in tags, and better filter debug instrumentation.
2016-08-25 18:21:20 -07:00
e52c2c41ec
Add a circuit breaker to prevent too many credentials from being stored per member.
2016-08-24 17:24:35 -07:00
0a7a33ef8f
Instantaneous blacklisting and credential revocation.
2016-08-23 13:46:36 -07:00
32fa061700
Compute credential TTL et al.
2016-08-23 13:02:59 -07:00
9a3c652a51
Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
2016-08-22 18:06:46 -07:00
00fd9c3a15
It builds... almost ready to test some rules engine stuff.
2016-08-08 17:33:26 -07:00
8007ca56aa
Refactor and tie-up of capabilities and tags and packet evaluation points. Some optimization is possible here but it is minor and we will make it work first.
2016-08-08 16:50:00 -07:00
e2f783ebbd
.
2016-08-05 15:02:01 -07:00
